1. security in websites

    Date: 12/29/04 (PHP Development)    Keywords: php, mysql, browser, database, sql, security, web

    i am preparing to design a website for my family. i'd like it to have a secure log-in, which references usernames and passwords in a mysql database. i'd like the rest of the website to be secure, meaning, if you're not logged in, you're redirected to the index. i'm planning to use sessions with cookies. as i'm relatively new to security in web design, i'd like some advice.

    i know the login.php script will check the username and password against a corresponding user table. if the login succeeds, a call will be made to session_start(). session_start() will be called on all subsequent pages, as well as a check to see if the login status is true (or something like that). herein is my first question:
    what should each subsequent page of the site check for?

    do i need to turn SSL on or will sessions, cookies and a database be enough? (it doesn't need to be super tight--mainly, some of my aunts and uncles don't want the pictures of their bikini clad daughters from our beach trips accessible to just anyone over the net.)

    ... i guess i'm not entirely sure what else to ask. i suppose that i'll need to make each page check to see if the above mentioned login status variable is set to true, but how do i set it to false? do i just design the session or cookie to expire when the browser is closed?

    any help or feedback is appreciated. if you know of a good site (that's easy to understand) which goes over what you need to do to design a secure site, please let me know.

    ah, by the way, the environment i'm designing this site for is a RedHat server with PHP4.3.9 and MySQL4.0

    thanks for your help

    Source: http://www.livejournal.com/community/php_dev/50687.html

  2. PROTECT YA NECK!!!

    Date: 12/23/04 (PHP Development)    Keywords: php, virus, web

    hey, my name is Phil. i started learning PHP back in september. for some reason it didn't occur to me until now to join some lj communities about it. i just did some poking around about what looked like a virus going around some good sites and thought i'd leave a note about it, sorry if this is old news for you all:

    for those of you who run your own websites, there is a nasty worm going around servers with older versions of phpBB2 installed. it's called NeverEverNoSanity; if you go to a website and see a black background with red text which says "This site has been defaced!" then you know it got hit. anyway, upgrading to the latest version, phpBB 2.0.11 is supposed to fix the problem. just thought i'd let you know.

    here's a link: php.BB.com :: View topic - PHP exploits and phpBB.

    -P.

    Source: http://www.livejournal.com/community/php_dev/50288.html

  3. OK, take two...

    Date: 11/28/04 (PHP Development)    Keywords: php, html

    Just VNCed in to my mom's machine to get the file. I did a test upload again to get the error.

    Fatal error: Allowed memory size of 8388608 bytes exhausted at (null):0 (tried to allocate 4096 bytes) in /srv/www/htdocs/jeff/phpnuke/html/modules/My_Album/thumbnail.php on line 42

    Line 42: $this->img["src"] = ImageCreateFromJPEG ($imgfile);

    It successfully uploads the two pictures. However, only the first thumbnail is created. It gets completely through the routine the first time around.

    Not sure why it freaks the second time around. On a hunch, I took the files and tried them locally, but I get the same error.

    Is there something that could be at issue with the images themselves? They are just digital camera pictures.

    Looks like more testing.

    Any ideas?

    Source: http://www.livejournal.com/community/php_dev/50028.html

  4. Tomcat hosts?

    Date: 11/17/04 (PHP Development)    Keywords: php, mysql, database, sql, web

    (x-posted all over the damn place)

    I am currently looking for a good web host that offers Tomcat AND php AND some kind of database (MySQL or PostGres - I'm not picky). I'd also like to go with someone who has a sane usage policy (I once had a site yanked by addr.net due to "inappropriate content").

    Currently, http://www.oxxus.net/ looks pretty good.

    Anyone have any other suggestions?

    Source: http://www.livejournal.com/community/php_dev/49616.html

  5. Smarty vs PEAR template packages

    Date: 09/28/04 (PHP Development)    Keywords: php, html, web

    cross posted in php

    i'm about to rewrite a website and i'd like to use a template engine for it. i'm going to base the bulk of it on PEAR, but i'm not sure about which template package to use.

    of the PEAR template packages, at this stage i'm considering using HTML_Sigma. but i'm also looking into Smarty.

    i haven't used Smarty or any of the PEAR template packages before and i've only just started playing with Smarty.

    so what do people think is better: PEAR or Smarty?

    and why?

    Source: http://www.livejournal.com/community/php_dev/48674.html

  6. Hosting with php v5.0x

    Date: 09/22/04 (PHP Development)    Keywords: php, web, hosting

    So I am about to start on a project for a customer, and I would like to use PHPv5 for it. However my standard hosting provider (powweb) only uses php v4. Does anyone know if there is an inexpensive hosting company that supports v5 of php? As well as generally has good service.

    Source: http://www.livejournal.com/community/php_dev/48460.html

  7. Global Data in PHP

    Date: 09/09/04 (PHP Development)    Keywords: php

    I have a large amount of global data that I need to access in a PHP script. Imagine the following file data.php:



    But instead of three lines there are 100,000. If I include(data.php) in another script, does that mean the whole 100,000 line file will be read and parsed on every request, or will the content be kept in memory somehow? Is there some way that I can force it to stay in memory?

    Source: http://www.livejournal.com/community/php_dev/47935.html

  8. Co-Lo Hosting

    Date: 08/27/04 (PHP Development)    Keywords: php, java, hosting

    Hey guys, just wondering if any of you recommend any particular co-lo providers.

    Looking at hosting one box (maybe 2 in the future). At the moment I haven't talked to the customer enough to find how much traffic we're looking at, but somewhere between 50-100 GB a month max I'd have thought, possibly less.

    Being located in the UK (particularly london) would be particularly useful, although I'm willing to consider other options.

    X-Posted to php, php_dev, java_dev, livejournal_uk

    EDIT: Dedicated hosting may also be possible, depending on how much flexibility we get...

    Source: http://www.livejournal.com/community/php_dev/47594.html

  9. cheap webhosting w/ php provided?

    Date: 08/26/04 (PHP Development)    Keywords: php, software, html, asp, hosting

    i've been using pair networks to host my html only page for www.fablesoft.com for a few years now, but i'm going to need php hosting soon and would rather not pay upwards of $20 just to have php enabled.. i've come across doteasy.com for $9.95 a month... but i dunno, any suggestions? any horror stories?

    one thing i can say for pair is that they are RELIABLE, not that my silly software site needs ultra-reliability hosting or anything, but that's a nice aspect of pair.

    Source: http://www.livejournal.com/community/php_dev/47192.html

  10. how to make an ecard?

    Date: 08/25/04 (PHP Development)    Keywords: php, html, database, web

    Hello! Sorry if this is an inappropriate place to post this, I'm in a hurry and other places have been little help as of yet.

    I need advice. I am trying to create e-cards. I have the images, I need a way of sending them to people. This is for a friend's site that I'm building, and unfortunately she'd really like it within the next two weeks, so I'm trying to find something relatively easy.

    I have found many tutorials on the web - this one seemed fairly straightforward with the exception of the MS Access database. I am new to databases of any kind, and don’t have MS Access. I’d like to be able to convert it to PHP but don’t even have a clue how. I did this tutorial as well, but when I used the PHP file that came with it, no text would appear in the card. When I replaced the PHP file with a new one that supposedly fixes that issue from the message forums, I got an error that a lot of users on the site got, but all of them fixed it without explaining how. I am very new to PHP and don’t know how to edit it correctly. I’ve included the PHP file under a cut tag at the end of the post just in case any of you can see what’s wrong with it out of context.

    In theory I’d like to find either a very basic tutorial or something I can plug my images/info into, if such a thing exists. Thanks in advance for your help, it’s very much appreciated.




    I have this error "Parse error: parse error, unexpected T_STRING, expecting T_CASE or T_DEFAULT or '}'" on line 9. I only included the first part of the text after HTML, HEAD, & TITLE since the error is somewhere in line 9. I’ve tried switching the quotes around and using single quote marks instead of double quotes, etc, etc.


    $ENum = $_GET["ENum"];
    $EcardText = $_GET["EcardText"];
    switch ($ENum) {

       case '1':
       $goto = "Ecard1.swf?EcardText=".$EcardText;
       $gotoFooter = "EcardFooter.swf?EcardText=".$EcardText."&EcardSelect=1";
       $Dimensions = "WIDTH=700 HEIGHT=525";
       $DimensionsFooter = "WIDTH=700 HEIGHT=250";
       break;

       case '2':
       $goto = "Ecard2.swf?EcardText=".$EcardText;
       $gotoFooter = "EcardFooter.swf?EcardText=".$EcardText."&EcardSelect=2";
       $Dimensions = "WIDTH=700 HEIGHT=525";
       $DimensionsFooter = "WIDTH=700 HEIGHT=250";
       break;

       case '3':
       $goto = "Ecard3.swf?EcardText=".$EcardText;
       $gotoFooter = "EcardFooter.swf?EcardText=".$EcardText."&EcardSelect=3";
       $Dimensions = "WIDTH=700 HEIGHT=525";
       $DimensionsFooter = "WIDTH=700 HEIGHT=250";
       break;

       case '4':
       $goto = "Ecard4.swf?EcardText=".$EcardText;
       $gotoFooter = "EcardFooter.swf?EcardText=".$EcardText."&EcardSelect=4";
       $Dimensions = "WIDTH=700 HEIGHT=525";
       $DimensionsFooter = "WIDTH=700 HEIGHT=250";
       break;

       case '5':
       $goto = "Ecard5.swf?EcardText=".$EcardText;
       $gotoFooter = "EcardFooter.swf?EcardText=".$EcardText."&EcardSelect=5";
       $Dimensions = "WIDTH=700 HEIGHT=525";
       $DimensionsFooter = "WIDTH=700 HEIGHT=250";
       break;
    }

    Source: http://www.livejournal.com/community/php_dev/46594.html

  11. Welkom Jefzila

    Date: 01/28/05 (Elite PHP Development)    Keywords: php

    SYN: Jefzila,
    Nice bike dude, i've got a Raleigh Race 600. Bikes R0x0r!
    welcome to the ranks of php_elite, please post and stuff, show your eliteness.
    once We get more members in there (php elite people) that 1. post 2. are actually php elite.
    then well have a rockin community and stuff, where others can read up on the posts and ask questions and such of the elite.
    so if anyone has any buddies they would consider elite, or if you yourself are elite.
    please dont hesitate to speak up, join, or jump on your bed with glee.
    -=Evil=-

    Source: http://www.livejournal.com/community/php_elite/1449.html

  12. Welcome coderlarry to php_elite

    Date: 01/26/05 (Elite PHP Development)    Keywords: php, asp

    Hows it going?
    so the ranks of php_elite are steadily growing :) 3! oh yeah, were pimpin it now.
    Hopefully you will be a contributing member, i s'pose everyone else who joined just joined because
    php_elite sounds "kewl man". maybe you will post something interesting on the topic of php.
    All discussions of coding are very welcome, however maybe something in an area, such as socket coding,
    or possibly using the gd library as a graphics engine for a game, things of that nature are what i would like.
    i have wanted to start a post on one of those subjects, but i have been very busy preparing for my move to chicago
    that time has been too short of late to write out the entire technical aspect of my project.
    im working on it though so expect to see it up here in the near future :).
    meanwhile someone, anyone please post your ideas or what not on coding to this community.
    -=Levi=-
    -=Ro0t=-
    http:\\www.dehaanent.com\

    Source: http://www.livejournal.com/community/php_elite/1029.html

  13. long time no post

    Date: 01/09/05 (Elite PHP Development)    Keywords: php

    Well it seems that i have been neglecting my php_elite posting.
    so here is a post.
    someone new has joined the rather small group that is php_elite.
    Suspchaos
    SYN
    Whaddup!!!
    Howdy
    sup
    que pasa
    aloha
    and all that goodness that is a hello.
    well im just waiting for someone to post to php_elite besides me.
    right now i am working on some code for the roaring fork school district.
    for the ELS system, part of Bush (yes, the dumbass pres) 's every child left behind act (ECLB).
    it is specifically for tracking children through their progress in the school systems to make sure
    that everyone is exactly where they need to be. such as being able to read and write, or being able to
    pronounce words, or deduce a words meaning.
    as much as the ECLB is made to make sure that kids cannot think for themselves, we are making it an actual
    usable tool that will actually Help the kids rather than hinder their progress. if only we could rid the world of
    standardised testing, that is just stupid.
    well thats my current coding project.
    A line of coding zen:

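    function socket_raw_connect($server, $port, $timeout, $request)
    {
        // Reject non-numeric port/timeout values before touching the network.
        if (!is_numeric($port) or !is_numeric($timeout)) {
            return false;
        }
        $socket = fsockopen($server, $port, $errno, $errstr, $timeout);
        // fsockopen() returns false when the connection cannot be opened.
        if (!$socket) {
            return false;
        }
        // Send the raw request, then read the response until the peer closes.
        fputs($socket, $request);
        $ret = '';
        while (!feof($socket)) {
            $ret .= fgets($socket, 4096);
        }
        // Close the socket before returning so the handle is not leaked.
        fclose($socket);
        return $ret;
    }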
    ohh give me goosebumps. raw data...*drools*.

    Source: http://www.livejournal.com/community/php_elite/850.html

  14. Programming Goodness

    Date: 10/15/04 (Elite PHP Development)    Keywords: php, mysql, database, sql, java

    I was lookin around and found this tonight. Very much kewlness, I am hoping to join in on the fun in the development community so I can add in my ideas to make PHP even better.
    This is a little bit of information I picked up on Creating Custom Exceptions and sending data to the parent class from a function in a subclass. Very spiffy.

    query("SELECT NOW()");
    var_dump($result->fetch_row());
    }
    catch(ConnectException $exception) {
    echo "Connection Error\n";
    var_dump($exception->getMessage());
    }
    catch(QueryException $exception) {
    echo "Query Error\n";
    var_dump($exception->getMessage());
    }
    /* Handle exceptions that we weren't expecting */
    catch(Exception $exception) {
    echo "Who was that masked exception?\n";
    var_dump($exception->getMessage());
    }

    $result->close();
    $my->close();

    ?>

    very spiffy, and I will be posting something using the new MySQLi class. Maybe a whole class system for the generation of graphics pulled from a database. Possibly attach that to a javascript paint proggy, or even better a flash paint proggy..... hmmm the possibilities are endless, but i have to get back to my money making... Gotta love it, but it would be so much more fun if i had a project that really challenged my knowledge and abilities, but well get to that someday.
    -=Levi=-

    Source: http://www.livejournal.com/community/php_elite/504.html

  15. PHP and Oracle

    Date: 02/22/05 (PHP Community)    Keywords: php, blogging, sql

    is there anyone out there who knows much about working with Oracle? i have a few questions about a project i'm doing.

    i've created a very basic blogging system, the index page displays all of the posts (in a very ugly plain format hehe), and has a link to a page where you can write your post. click Submit and the post is committed to the DB and going back to the index page you can see the new post.

    I'd like to be able to display the posts in a more attractive way, but i'm not sure how. I really only know the basics of PHP and SQL.
    The second thing i'd like is to have the ability to comment on each post, similar to LJ really.

    All source code for the pages can be provided if anyone would like to tackle this. If someone has the time to step-by-step me through these i'd be super grateful! if someone feels kind enough to write the code and be done with it, even better. Or if you are feeling cryptic and just want to supply some really good links to sites that deal with PHP/Oracle tutorials, that would be helpful too! :)

    -fingers crossed-

    pretty please? :)

    paul.

    Source: http://www.livejournal.com/community/php/265005.html

  16. Mambo on FreeBSD 5.3

    Date: 02/23/05 (PHP Community)    Keywords: php, mysql, xml, sql, java, linux, apache

    I'm having a few problems getting Mambo working on FreeBSD 5.3

    Whenever I try to log in to the administrators account, with a valid username\password, you get presented with the same screen with the username\password boxes still filled in. /var/log/messages states "Feb 23 17:42:42 linux kernel: pid 15803 (httpd), uid 1006: exited on signal 11"

    Nothing is written to the Apache access or error logs

    If I try to log in with an invalid combo, a JavaScript popup tells me I got either the username or password wrong. So, the authentication is sort-of happening

    The only useful thread I've found on the Mambo forums was this one. Which states "To all who have this issue, it is a problem with duplicate extension entries in your php.ini"

    All I have in my php.ini that contains references to extension are:

    extension_dir = "/usr/local/lib/php/20020429/"
    extension=session.so
    extension=mysql.so

    So there aren't any duplicates

    I really don't know much about setting PHP up. Does anyone have any pointers?

    I seem to remember having this problem in the past with Gallery, and the issue was resolved by installing php4-extensions

    Here's the version of all PHP stuff I have installed:

    # portversion -v | grep php
    mod_php4-4.3.10_2,1         =  up-to-date with port
    php4-bz2-4.3.10_2           =  up-to-date with port
    php4-ctype-4.3.10_2         =  up-to-date with port
    php4-extensions-1.0         =  up-to-date with port
    php4-gd-4.3.10_2            =  up-to-date with port
    php4-mysql-4.3.10_2         =  up-to-date with port
    php4-openssl-4.3.10_2       =  up-to-date with port
    php4-overload-4.3.10_2      =  up-to-date with port
    php4-pcre-4.3.10_2          =  up-to-date with port
    php4-posix-4.3.10_2         =  up-to-date with port
    php4-session-4.3.10_2       =  up-to-date with port
    php4-snmp-4.3.10_2          =  up-to-date with port
    php4-tokenizer-4.3.10_2     =  up-to-date with port
    php4-xml-4.3.10_2           =  up-to-date with port
    php4-zlib-4.3.10_2          =  up-to-date with port
    phpMyAdmin-2.6.1            =  up-to-date with port


    Any pointers would be most appreciated!

    Update: Sorted. It seems that I did have 2 entries for session.so. One was in /usr/local/etc/php.ini and the other was in /usr/local/etc/php/extension.ini

    I commented one out, and it started working

    Leaving this entry intact, just in case anyone else has the same problem

    Source: http://www.livejournal.com/community/php/265349.html
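
    The root cause given in the update above (the same `extension=` line active in two ini files) can be checked for mechanically. This is an added example, not part of the original post; the function names and the sample files are constructed for illustration, modelled on the two ini files the poster mentions.

```shell
#!/bin/sh
# Added example: report PHP extensions loaded by more than one active
# "extension=" line across a set of ini files.

# find_duplicate_extensions FILE...
# Prints one line per duplicated extension:
#   <name> <file>:<line> <file>:<line> ...
# Exit status is 1 if any duplicate was found, 0 otherwise.
find_duplicate_extensions() {
    awk '
        # Anchored at line start, so ";extension=..." (commented out) and
        # "extension_dir = ..." do not match.
        /^[ \t]*extension[ \t]*=/ {
            val = $0
            sub(/^[ \t]*extension[ \t]*=[ \t]*/, "", val)  # drop the key
            sub(/[ \t]*;.*$/, "", val)                     # drop trailing comment
            gsub(/"/, "", val)                             # drop double quotes
            sub(/[ \t\r]+$/, "", val)                      # drop trailing space
            sub(/^.*\//, "", val)                          # compare by file name
            if (val == "") next
            if (++count[val] == 1) order[++n] = val
            where[val] = where[val] " " FILENAME ":" FNR
        }
        END {
            dup = 0
            for (i = 1; i <= n; i++)
                if (count[order[i]] > 1) {
                    print order[i] where[order[i]]
                    dup = 1
                }
            exit dup
        }
    ' "$@"
}

# make_sample_inis DIR
# Writes two constructed ini files that reproduce the situation in the post:
# session.so is enabled in both, mysql.so only once.
make_sample_inis() {
    cat > "$1/php.ini" <<'EOF'
; constructed sample, not the poster's real file
extension_dir = "/usr/local/lib/php/20020429/"
extension=session.so
extension=mysql.so
EOF
    cat > "$1/extension.ini" <<'EOF'
; constructed sample, not the poster's real file
extension=session.so
;extension=mysql.so
extension = "gd.so"   ; quoted value with a trailing comment
EOF
}

# Demo on the constructed files.
tmp=$(mktemp -d)
make_sample_inis "$tmp"
find_duplicate_extensions "$tmp/php.ini" "$tmp/extension.ini" \
    || echo "duplicate extension entries found"
rm -rf "$tmp"
```

    On a real system, pass every ini file PHP reads (`php --ini` lists them) as arguments to the function.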

  17. Function Returns List, But I Only Need One Value

    Date: 02/24/05 (PHP Community)    Keywords: php

    Hi. I think this is my first real post to this community, though I've been lurking for a while and have probably commented on a few posts here and there. I hope this isn't too long; I tried to find a good place to lj-cut it, and couldn't really. Let me know if it's a problem, and I'll cut it anyway.

    I routinely have situations where I have a function return an array indexed by name (an associative array or hash, for those who also speak Perl), and I don't need the entire array. I really just need one value. For example, let's say I have a function "somefunc()", which returns an array like:

    Array
    (
         [key1] => foo
         [key2] => bar
         [key3] => baz
    )

    I simply want to get the value of key2 into a single string variable, $somevar. Now, in Perl, I could do this all in one shot, like so:
    $somevar = {somefunc($arg1, $arg2)}->{'key2'}

    So now $somevar equals 'bar', and I didn't have to use any extra variables. I'd like to be able to do the same thing in PHP, but so far, the best I can come up with is:
    $temp_var = somefunc($arg1, $arg2);
    $somevar = $temp_var['key2'];

    This works — after all, $somevar now equals 'bar', just like I want — but it also leaves $temp_var hanging around, cluttering up the namespace and wasting memory. I'd like to avoid that. Sure, in this particular (trivial) case, the memory wasted is only a few bytes, but in a real program of larger scale, the hash returned might be much larger. And this sort of thing might be happening dozens or hundreds of times (say, in a foreach() loop that iterates over a large number of options)... it could really add up.

    Does anyone know how I can grab just the value I want from a function return? I've looked in the various array functions, but none of them seem to help. In some situations, I can do:
    $somevar = array_search('key2', array_flip(somefunc($arg1, $arg2)));

    but this will fail if the array returned by somefunc() doesn't have unique values. For example, if it looks like:
    Array
    (
         [key1] => foo
         [key2] => bar
         [key3] => baz
         [key4] => foo
    )

    then the version returned by the array_flip() call will have a collision in the two 'foo' keys — I think the value 'key4' will clobber 'key1', but it might be the reverse, or it might be unpredictable. I haven't even bothered to check what the behavior is, because it's so obviously not a solution I can use.

    This has been driving me somewhat nuts, so any help anyone can provide would be much appreciated. Thanks in advance.

    Source: http://www.livejournal.com/community/php/265821.html

  18. PHP Blogging Script

    Date: 02/27/05 (PHP Community)    Keywords: php, blogging, html, security

    I hope you don't mind me asking this here (seems a good a place as any, in my opinion), but I've got a quick question.

    Can anyone offer some suggestions on a good PHP-based blogging script? It just needs to work for me (meaning it doesn't have to be community-oriented). All I really need is a subject, entry, basic archives, comments, post icons, html formatting (but auto newlines would be handy), music, moods, screening (security), and ... that's about it. Sounds longer when you write it out.

    I've looked over Bloxsom, and it looks good, but it's only in Perl. I've seen a couple of Bloxsoms in PHP, but not sure what to use...

    I've also seen PHPBBlog, or whatever it's called. Anyone have an opinion on that?

    Of course, like a true PHP Guru, I suppose I should build one myself.

    Source: http://www.livejournal.com/community/php/266519.html

  19. XML > PHP > MySQL?

    Date: 02/27/05 (PHP Community)    Keywords: php, mysql, xml, sql

    Can anyone recommend a good script they know of that is used to get XML into MySQL, via PHP? I'm creating my own but would like to see some examples if you know of any, thanks!

    Source: http://www.livejournal.com/community/php/266834.html

  20. php mod_rewrite

    Date: 02/27/05 (PHP Development)    Keywords: php, asp

    Hi everyone,

    I'm new in this community. I've just recently started learning about php (coming from an asp background). I'm sure there are some people out there who are in a similar situation to me...(do you get mixed up writing the code sometimes? lol). Anyway, I just found out about mod_rewrite, and just want to double check if this is what you use to make query strings more search engine friendly? I had a look at the manual too..is there a simpler explanation/tutorial available?

    Source: http://www.livejournal.com/community/php_dev/53016.html
